CVE-2023-30013

Name of the Vulnerable Software and Affected Versions TOTOLINK X5000R versions V9.1.0u.6118 B20201102 through V9.1.0u.6369 B20230113

Description The issue concerns a command insertion vulnerability in the setting/setTracerouteCfg component of the TOTOLINK X5000R router's firmware. This vulnerability allows an attacker to execute arbitrary commands through the command parameter, potentially leading to full access to the device. The vulnerability exists due to the lack of measures to neutralize special elements used in the operating system command.

Recommendations For TOTOLINK X5000R versions V9.1.0u.6118 B20201102 through V9.1.0u.6369 B20230113, consider disabling the setting/setTracerouteCfg component or restricting access to it until a patch is available. Avoid using the command parameter in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.